CCPA is a California law giving residents more control over their personal data, including knowing what is collected and opting out of sales.
A Canary Release is a deployment strategy where new software versions are rolled out to a small subset of users before a full release.
Certificate Authority (CA) is a trusted entity that issues and manages digital certificates to verify identities over a network.
Chain of Custody refers to the documented process that proves the integrity of data from collection through to presentation.
Change Management is the process of managing and adapting to changes in an organization to minimize disruption and maximize efficiency.
A changelog is a chronological record detailing notable changes made to software, aiding in transparency, trust, and security.
Clickjacking is a web attack that deceives users by overlaying or hiding elements, tricking them into unknowingly clicking on malicious content or performing unintended actions.
Cloud Security is a set of policies, controls, and technologies used to protect data, applications, and infrastructure in the cloud.
A code commit is the process of submitting changes to a version control system, marking the evolution of software projects.
Code Coverage measures the extent to which source code is tested, indicating which parts are executed by tests, helping identify untested areas.
Code Injection is a security vulnerability that allows attackers to introduce malicious code into a program, altering its execution.
Code obfuscation is a method used to make source code harder to understand or reverse engineer, thus enhancing software security.
Code repositories are storage spaces where developers store and manage their source code, enabling version control, collaboration, and code reuse.
Code Review is the systematic examination of source code for error detection and improvement of coding practices.
Code signing is the process of digitally signing executables or scripts, validating the software author and ensuring code hasn't been altered.
Codebase refers to the whole set of source code that builds an application, including its dependencies and components.
CVE is a list of publicly disclosed security flaws in software, providing a standardized method for identifying vulnerabilities.
Common Vulnerability Scoring System (CVSS) is a framework used to assess and rate the severity of security vulnerabilities in software or systems.
CWE is a community-developed list of common software and hardware weakness types, used to identify and mitigate vulnerabilities.
CAPTCHA is a system used to distinguish human from machine input, typically as a way of thwarting spam and automated data extraction.
Compliance refers to ensuring the software components and dependencies adhere to legal and regulatory standards.
Compliance auditing is the process of checking if a company adheres to its stated policies, regulations, and industry standards.
Configuration Management is the process of systematically managing, organizing, and controlling changes in a system's components throughout its lifecycle.
Container Security ensures the integrity of containerized applications, safeguarding them from vulnerabilities and threats.
Containerization is the method of encapsulating an application in a container with its own operating environment for consistent execution.
A Content Security Policy (CSP) is a security feature that helps to prevent malicious attacks, such as cross-site scripting (XSS) and data injection attacks.
Continuous Deployment is a strategy that automates the delivery of software changes to production after passing a series of automated tests.
Continuous Integration is a development practice where developers merge code changes frequently to detect integration issues early and ensure code quality.
A contributor in application security aids in project development, ensuring that security is integrated at every stage, from code to documentation.
CORS policy controls how resources are accessed from different origins in a web app, defining what's permitted by the server.
CORS is a browser security feature allowing web pages from one domain to safely request resources from another domain.
Cross-Site Request Forgery (CSRF) is an attack that tricks users into executing unwanted actions on authenticated web sessions.
Cross-Site Request Forgery (CSRF) DoS is a web attack that misuses authenticated sessions to flood a target, disrupting its service.
Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into webpages viewed by other users.
Cryptanalysis is the study of deciphering encrypted data and breaching cryptographic systems without knowing the encryption key.
Cryptographic Security involves using cryptographic protocols to protect information and communications through encoding to ensure confidentiality.
Cyber criminals are individuals or groups who use technology to commit illegal activities, often targeting digital systems and data.
Cyber hygiene refers to routine practices to maintain system health and improve online security against digital threats.
Cyber Resilience is the ability to withstand, respond to, and recover from cyber threats while ensuring business continuity.
Cyber Threat Intelligence is the process of gathering and analyzing information about potential attacks to prevent and mitigate cybersecurity risks.
Cybersecurity is the practice of protecting networks, devices, and data from digital attacks, damage, or unauthorized access.
A Cybersecurity Framework is a set of guidelines to identify, protect, detect, respond, and recover from cyber threats, bolstering software security.
Cybersecurity Maturity Model Certification (CMMC) is a unified standard for cybersecurity to protect U.S. Defense Department data.
Cyberwarfare is the use of digital attacks by nations or groups to disrupt, damage, or gain unauthorized access to an adversary's computer systems.